TREDISEC is a European collaborative Research and Innovation Action that leverages existing or novel cryptographic protocols and system security mechanisms, which offer strong data confidentiality, integrity and availability guarantees while permitting efficient storage and data processing across multiple tenants.
From a practical standpoint, the ambition of this project is to develop systems and techniques that make the cloud a secure and efficient place to store data. We plan to step away from a myriad of disconnected security protocols or cryptographic algorithms, and to converge instead on a (possibly standardized) single framework where all objectives are met to the highest extent possible.
Started on April 1st 2015, the ultimate goal of TREDISEC is to converge to a unified framework where resulting primitives are integrated, while following the end-to-end security principle as closely as allowed by functional and non-functional requirements.
- Project Title
- Trust-aware, REliable and Distributed Information SEcurity in the Cloud
- Project Acronym
- ICT-32-2014 Cybersecurity, Trustworthy ICT
- Type of Action
- Research and Innovation action
- Grant Agreement no.
- 36 months
- Date of Start
- 1st April, 2015
- 6.470.618,94 €
Learn more about the Project Consortium
The current trend for data placement shows a steady shift towards "the cloud". The advent of cloud storage and computation services however comes at the expense of data security and user privacy.
To remedy this, customers nowadays call for end-to-end security whereby only end-users and authorized parties have access to their data and no-one else. This is especially true after the outbreak of data breaches and global surveillance programs last year.
In the Tredisec project, we address this problem and we develop systems and techniques which make the cloud a secure and efficient heaven to store data. We plan to step away from a myriad of disconnected security protocols or cryptographic algorithms, and to converge on a single framework where all objectives are met.
More specifically, Tredisec addresses the confidentiality and integrity of outsourced data in the presence of a powerful attacker who controls the entire network. In addition, our proposed security primitives support data compression and data deduplication, while providing the necessary means for cloud providers to efficiently search and process encrypted data.
By doing so, Tredisec aims at creating technology that will impact existing businesses and will generate new profitable business opportunities long after the project is concluded.
Designing novel end-to-end security solutions for scenarios with conflicting functional and security requirements
- Supporting data reduction: enabling cloud providers to perform data reduction (e.g., deduplication and compression) without compromising the confidentiality of outsourced data.
- Enabling secure data processing: focusing on new techniques that enable the processing of encrypted data in an efficient and privacy-preserving manner, guaranteeing efficient data processing that scales with large amounts of outsourced data.
- Enhancing data availability and integrity : ensuring the availability and the integrity of outsourced data against misbehaving cloud providers, allowing users to verify that, relying only on low capacity devices such as smart-phones. This entails that the verification process performed by the end-user should not be greedy in terms of either bandwidth or computation.
- Ensuring user isolation in multi-tenant systems : identifying platform and operating system primitives that provide strong isolation guarantees to individual user’s workloads, and integrate these solutions into current and future infrastructures such that it only minimally impacts their performance and efficiency.
Implementing a unified framework to support the orchestration of the security mechanisms in different scenarios.
- Once different security mechanisms have been designed, our ultimate goal would be to produce a realistic system where various features will work in a holistic manner.
- The integration of the newly proposed features as part of a unique architecture requires a delicate design of the various system components in order to prevent any possible incompatibilities that might arise between them.
By devising and evaluating such primitives, and the framework to orchestrate them we will foster the concepts of "security and privacy by design", which in turn will provide strong incentives for small and medium businesses to securely store and process their outsourced data in the cloud.